Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security IT

Adobe Pushes Emergency Flash Player Security Fix 56

Posted by samzenpus
from the slap-on-the-patch dept.
wiredmikey writes "As expected, Adobe today released a security update for its Flash Player. The out of cycle update addresses critical security issues in flash player as well as an important universal cross-site scripting issue. Adobe reported that one of the vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message. To illustrate the importance of keeping systems up to date, including Adobe Flash products, the fact that the RSA cyber attack was executed using a spear phishing attack with an embedded flash file should serve as a friendly reminder. RSA was breached after an employee opened a spreadsheet that contained a zero-day exploit that installed a backdoor through an Adobe Flash vulnerability."
This discussion has been archived. No new comments can be posted.

Adobe Pushes Emergency Flash Player Security Fix

Comments Filter:
  • by savanik (1090193) on Wednesday September 21, 2011 @04:37PM (#37473156)

    The sooner we can get rid of Flash, the better. Bring on the HTML5, which will have no security vulnerabilities whatsoever!

    • by Device666 (901563)
      Oh really, please check your email...
    • by ejtttje (673126)
      Apparently people don't know a good troll when they see it :)
      • by tinkerton (199273)

        people shouldn't continually lump trolling together with parody, sarcasm, irony, tongue in cheek, or just stand up comedy.

    • by hairyfeet (841228)

      Oh please! like we haven't had like a bazillion browser bugs these past couple of years? And WHICH HTML V5, the H.264 HTML V5 or the Theora one or the WebM one?

      And it amazes me how geeks here will sacrifice pretty much anything on the alter of cross compatibility with Linux. Have you TRIED HTML V5? try it on an older office machine or a new single core netbook, its a slideshow! And even on machines that it actually runs it sucks major resources. great way to kill batteries dead but most mobile users wouldn'

    • by AftanGustur (7715)

      The sooner we can get rid of Flash, the better. Bring on the HTML5, which will have no security vulnerabilities whatsoever!

      Exactly, Microsoft removing flash support in the upcoming version of IE will bring us back years in terms of security.

    • That is the f*cking understatement of the century!!!
      I hate flash, yet people still want to use it, I do not understand....foxit atleast, if not other pdf viewers. Adobe just has no clue when it comes to secuirty, they are great at buying up the competition and repackaging the software for the image industry, not for security, so why allow your browser to have access to it, we really do not need to have flash websites....period!

  • Flash is truly become one big pile of steaming crap! I used to be against Apple, but frankly I think it should be made unlawful and Adobe fined a trillion dollars for every security incident involving that piece of garbage.

    Fucking hell, all of this so we can watch some fucking videos on the Internet and be annoyed by idiotic ads. Somebody, please, wipe Adobe out. They have become, through their sheer stupidity and incompetence, a force for online evil.

    • I would partly blame Firefox (!) however as well. Why would I say such a thing? Firefox fails to offer some means to block the loading of the flash plugin selectively, I would like for instance to by default block it and then opt in to allow certain pages to use flash. This should be integrated into a general security zones feature where you can create a security zone with this and settings for other things like javascript, to be enabled or disabled for the sites you have added to the zone. Firefox lacks th

  • by mr_lizard13 (882373) on Wednesday September 21, 2011 @05:08PM (#37473492)
    How do I get this vital security update for my iPhone?
  • Cross-site Scripting FAQ http://www.cgisecurity.com/xss-faq.html [cgisecurity.com]
  • by Nimey (114278)

    I just got done making a new install image for work today.

  • when I say I don't care because to me Flash is DEAD. Ever since HTML 5 started congealing, I've seen no reason to bother with Flash outside of simple animations. Which is where it started. And should have stayed, but with MM Director dying a slow and deserved death in the mid 90s, they had to find new work for the engineers....
  • Slim version (Score:4, Informative)

    by MrL0G1C (867445) on Wednesday September 21, 2011 @06:50PM (#37474452) Journal

    Nice quickly installing slim version, no junk and no download manager etc required:

    IE
    http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe [adobe.com]

    Firefox etc
    http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe [adobe.com]

  • Does this also affect the 64 bit version 11? Just curious since they haven't updated it for 2 weeks.

  • the more features you add to a program the more likely it is to be exploited. it also doesn't help to be closed source.

  • by jensend (71114)

    Is every security update now front page-worthy news? Maybe it's been a slow news day or something, but Flash security patches aren't exactly a rare occurrence. Might as well have an article "SUN COMES UP AGAIN TODAY!"

  • For those few (like me) who use SeaMonkey with "Advertise Firefox compatibility" disabled, the download site for Flash is broken. You wind up in a loop without ever getting the download. Either enable "Advertise Firefox compatibility" or spoof Firefox in some other way. Then, before trying the download site, remove all Adobe cookies. Yes, it's another case of invalid UA sniffing.

    When you finally download, you get a stub installer, not a complete installer. This is true for everyone, including users of

  • Does this effect the Flash 11 beta?

    • Adobe released Flash 11 yesterday, so no need to use the beta anymore; and I'm assuming the security issue was addressed or the release wouldn't be happening.

      http://apple.slashdot.org/story/11/09/21/1559246/Adobe-Releases-Flash-11-and-AIR-3 [slashdot.org]

      TFA specifically calls out Flash 10.3 though, not v11. Also the Flash 11 beta on Linux doesn't mention the new release at all. I am using Ubuntu and using the Flash Preferences (in System > Preferences), I am not informed of any actual new release. Maybe because I am i

      • Oh man, I hate replying to my own ./ post, but *that* ./ article headline and summary are completely false. If your read all the waaaay down to the bottom of TFA, on the linked-to slashdot piece, it says "Flash Player 11 and AIR 3 would be publicly available in early October, Adobe said in a statement." So no v11 Release happened at all.

        Adobe specifically states "Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris, and

  • It doesn't matter how quickly Adobe push out security updates, their updater is ineffective because it has too many manual steps, when it should be able to be completely automated like Windows Update is.

    Most users that I have seen simply click "Cancel" every time they start up their computer and the updater comes up, because they don't know what it is, and have been tought not to install software that they don't know.

Advertising may be described as the science of arresting the human intelligence long enough to get money from it.

Working...